svn commit: r284404 - stable/10

Gregory Neil Shapiro gshapiro at FreeBSD.org
Mon Jun 15 04:20:33 UTC 2015


Author: gshapiro
Date: Mon Jun 15 04:20:32 2015
New Revision: 284404
URL: https://svnweb.freebsd.org/changeset/base/284404

Log:
  MFC: Add a quick (?) note for users who may be having sendmail interoperability issues
       due to the recent (FreeBSD-SA-15:10.openssl) OpenSSL change to reject 512 bit
       DH parameters.  Affects 11-CURRENT and 10-STABLE.

Modified:
  stable/10/UPDATING

Modified: stable/10/UPDATING
==============================================================================
--- stable/10/UPDATING	Mon Jun 15 04:18:29 2015	(r284403)
+++ stable/10/UPDATING	Mon Jun 15 04:20:32 2015	(r284404)
@@ -16,6 +16,30 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20150614:
+	The import of openssl to address the FreeBSD-SA-15:10.openssl
+	security advisory includes a change which rejects handshakes
+	with DH parameters below 768 bits.  sendmail releases prior
+	to 8.15.2 (not yet released), defaulted to a 512 bit
+	DH parameter setting for client connections.  To work around
+	this interoperability, sendmail can be configured to use a
+	2048 bit DH parameter by:
+
+	1. Edit /etc/mail/`hostname`.mc 
+	2. If a setting for confDH_PARAMETERS does not exist or
+	   exists and is set to a string beginning with '5',
+	   replace it with '2'.
+	3. If a setting for confDH_PARAMETERS exists and is set to
+	   a file path, create a new file with:
+		openssl dhparam -out /path/to/file 2048
+	4. Rebuild the .cf file:
+		cd /etc/mail/; make; make install
+	5. Restart sendmail:
+		cd /etc/mail/; make restart
+
+	A sendmail patch is coming, at which time this file will be
+	updated.
+
 20150601:
 	chmod, chflags, chown and chgrp now affect symlinks in -R mode as
 	defined in symlink(7); previously symlinks were silently ignored.
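Review bot: step 2 of the 20150614 entry says to "replace it with '2'" even when no confDH_PARAMETERS setting exists, in which case there is nothing to replace. Split the two cases and tell the reader to add the setting with value '2' when it is absent. Step 3 should state that /path/to/file is the path already named in confDH_PARAMETERS, since a 2048 bit file written anywhere else is never read. Smaller points: "To work around this interoperability" is missing a noun such as "issue", the comma after "(not yet released)" should go, and the step 1 line ends in trailing whitespace.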

